==========================================================================
Ubuntu Security Notice USN-4078-2
August 19, 2019
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
– openldap: OpenLDAP utilities
Details:
USN-4078-1 fixed several vulnerabilities in openldap. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled rootDN delegation. A
database administrator could use this issue to request authorization as an
identity from another database, contrary to expectations. (CVE-2019-13057)
It was discovered that OpenLDAP incorrectly handled SASL authentication and
session encryption. After a first SASL bind was completed, it was possible
to obtain access by performing simple binds, contrary to expectations.
(CVE-2019-13565)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
slapd 2.4.31-1+nmu2ubuntu8.5+esm1
Ubuntu 12.04 ESM:
slapd 2.4.28-1.1ubuntu4.9
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4078-2
https://usn.ubuntu.com/4078-1
CVE-2019-13057, CVE-2019-13565
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdWqyGAAoJEEW851uECx9pwbIP/0Bge2zKmG2nwtC28m+1Qdzi
/0laYasTATLoUbWrFpulkCUyjJa5n/dww1W1Ydtkpzsw6fg/VXAr8TfKkVMKUY/7
4BcpEJQCBsG6TVTAnwG610qO6NokfRuJlUN7w9py8w7CaiUPOMIKlE3QsyWHzAXg
o7Uui/LpNY5rCX8rV+tVBMm2JVaJxuw9CvlkYk2RmhUHJ1YXxjn0w6uxSVfN8Ryg
gOdbcYWnK18ohRdENwkb1WYPCqKC/wgrH6ksoXMLByvVUBgky1GR17h2NLF63lxf
BVKYMZtU+c3/bgbdYvU5tEZBquWP/LxTGlzPQMXqs2orn9fhhcgygMKl99nh8O1x
R89H0K6HCgkBahZUdjL85XL9XOtK0pWavdYvejtH2smS0feyx+RYb2mAnyHONiYj
BiPEdGktPqi0FOh6OtGCZzFNfPr4getCYYULFkF/i5GwjFHS5cJOXycAlfN/kY2N
YY5qkBoerbAB5vgg3lAUDouHiFxA5UwspbnEppUzXFupZexw4wGXRdSlTOOCOOGt
fhwpGDvcz5CxvN/ZzzXgb6DmEf37Y+8TSZOTE4m7Gf/ZZG+QY92yODf/XG0fscBN
pEobt7OZCw2bFTrRvybxQEhVxkgNDvH3yE0Q34UnrDQCRXmY5l4Y0hkWHqWaJtNZ
oJ2H6C7733619qJ+CRhT
=wNCB
—–END PGP SIGNATURE—–
—